diff --git a/data/Dockerfiles/rspamd/docker-entrypoint.sh b/data/Dockerfiles/rspamd/docker-entrypoint.sh
index 8448cf94..6993ef21 100755
--- a/data/Dockerfiles/rspamd/docker-entrypoint.sh
+++ b/data/Dockerfiles/rspamd/docker-entrypoint.sh
@@ -27,7 +27,7 @@ until [[ ! -z ${DOVECOT_V4} ]]; do
 DOVECOT_V4=$(dig a dovecot +short)
 DOVECOT_V6=$(dig aaaa dovecot +short)
 [[ ! -z ${DOVECOT_V4} ]] && break;
- echo "Waiting for Dovecot"
+ echo "Waiting for Dovecot..."
 sleep 3
 done
 echo ${DOVECOT_V4}/32 > /etc/rspamd/custom/dovecot_trusted.map
@@ -35,6 +35,20 @@ if [[ ! -z ${DOVECOT_V6} ]]; then
 echo ${DOVECOT_V6}/128 >> /etc/rspamd/custom/dovecot_trusted.map
 fi
 
+RSPAMD_V4=
+RSPAMD_V6=
+until [[ ! -z ${RSPAMD_V4} ]]; do
+ RSPAMD_V4=$(dig a rspamd +short)
+ RSPAMD_V6=$(dig aaaa rspamd +short)
+ [[ ! -z ${RSPAMD_V4} ]] && break;
+ echo "Waiting for Rspamd..."
+ sleep 3
+done
+echo ${RSPAMD_V4}/32 > /etc/rspamd/custom/rspamd_trusted.map
+if [[ ! -z ${RSPAMD_V6} ]]; then
+ echo ${RSPAMD_V6}/128 >> /etc/rspamd/custom/rspamd_trusted.map
+fi
+
 chown -R _rspamd:_rspamd /var/lib/rspamd \
 /etc/rspamd/local.d \
 /etc/rspamd/override.d \
@@ -53,6 +67,7 @@ touch /etc/rspamd/custom/global_mime_from_blacklist.map \
 /etc/rspamd/custom/bad_languages.map \
 /etc/rspamd/custom/sa-rules \
 /etc/rspamd/custom/dovecot_trusted.map \
+ /etc/rspamd/custom/rspamd_trusted.map \
 /etc/rspamd/custom/ip_wl.map \
 /etc/rspamd/custom/fishy_tlds.map \
 /etc/rspamd/custom/bad_words.map \
diff --git a/data/conf/rspamd/local.d/dkim_signing.conf b/data/conf/rspamd/local.d/dkim_signing.conf
index b87f89c8..4ffb5544 100644
--- a/data/conf/rspamd/local.d/dkim_signing.conf
+++ b/data/conf/rspamd/local.d/dkim_signing.conf
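Review bot: The added Rspamd block in docker-entrypoint.sh (hunk at -35,6 +35,20) writes whatever `dig a rspamd +short` prints into rspamd_trusted.map after only a non-empty check, so a multi-record answer or any diagnostic text dig may print on a failed lookup would end up in a trust map unvalidated. Because `echo ${RSPAMD_V4}/32` is unquoted, several returned addresses would be joined onto one line with `/32` attached only to the last. I would keep only the first line of the answer, require it to look like an IPv4 address in both the `until` condition and the break test, e.g. `[[ ${RSPAMD_V4} =~ ^[0-9]+(\.[0-9]+){3}$ ]] && break;`, and quote the write as `echo "${RSPAMD_V4}/32" > /etc/rspamd/custom/rspamd_trusted.map`. The loop also has no retry limit, so a name that never resolves blocks container start-up indefinitely. The Dovecot block visible as context follows the same pattern and would benefit from the same change.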
@@ -1,13 +1,13 @@
 # If false, messages with empty envelope from are not signed
 allow_envfrom_empty = false;
 # If true, envelope/header domain mismatch is ignored
-allow_hdrfrom_mismatch = false;
+allow_hdrfrom_mismatch = true;
 # If true, multiple from headers are allowed (but only first is used)
 allow_hdrfrom_multiple = true;
 # If true, username does not need to contain matching domain
 allow_username_mismatch = true;
 # If false, messages from authenticated users are not selected for signing
-auth_only = true;
+auth_only = false;
 # Default path to key, can include '$domain' and '$selector' variables
 path = "/data/dkim/keys/$domain.dkim";
 # Default selector to use
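Review bot: Setting `auth_only = false` and `allow_hdrfrom_mismatch = true` together loosens which messages receive the domain's DKIM signature, and nothing in this hunk records what now gates signing. By the file's own comments, authenticated submission is no longer the selection criterion and an envelope/header From mismatch is ignored, while `allow_username_mismatch = true` was already in place. Whatever replaces the criterion (presumably a network- or map-based setting, possibly tied to the new rspamd_trusted.map) is not visible here. Before merging, confirm that a sender authorised for one hosted domain cannot obtain a valid signature for a header From in another, and that relayed or forwarded mail is not signed. I would also add a comment above each changed line giving the reason, for example `# Signing is selected by <setting or map name>, not by SMTP auth; see <issue reference>`.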